Abstract

Hardware Performance Counters (HPCs) are present in most modern processors and provide an interface to user-level processes to monitor their processor performance in terms of the number of micro architectural events, executed during a process execution. In this paper, we analyze the leakage from these HPC events and present a new micro-architectural side-channel attack which observes number of instruction counts during the execution of an encryption algorithm as side-channel information to recover the secret key. This paper first demonstrates the fact that the instruction counts can act as a side-channel and then describes the Instruction Profiling Attack (IPA) methodology with the help of two block ciphers, namely AES and Clefia, on Intel and AMD processors. We follow the principles of profiled instruction attacks and show that the proposed attack is more potent than the well-known cache timing attacks in literature. We also perform experiments on ciphers implemented with popular time fuzzing schemes to subvert timing attacks. Our results show that while the countermeasure successfully stops leakages through the timing channels, it is vulnerable to the Instruction Profiling Attack. We validate our claims by detailed experiments on contemporary Intel and AMD platforms to demonstrate that seemingly benign instruction counts can serve as side-channels even for block cipher implementations which are hardened against timing attacks.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.